openSUSE Security Update : xen (openSUSE-SU-2013:0636-1)

XEN was updated to fix various bugs and security issues : Security issues fixed : - bnc800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc797031 - Xen Security...

openSUSE Security Update : xen (openSUSE-SU-2012:1685-1)

This update of XEN fixes various denial of service bugs. - bnc789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability XSA-26 - bnc789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs XSA-27 - bnc789940 - CVE-2012-5512: xen:...

openSUSE Security Update : xen (openSUSE-SU-2013:1953-1)

Xen was updated to 4.2.3 c/s 26170 to fix various bugs and security issues. Following issues were fixed : - bnc845520 - CVE-2013-4416: xen: ocaml xenstored mishandles oversized message replies - bnc833483 - Boot Failure with xen kernel in UEFI mode with error 'No memory for trampoline' -...

Moderate: Red Hat Security Advisory: rhev-hypervisor6 3.4.0 security, bug fix, and enhancement update

Updated rhev-hypervisor6 packages that fix multiple security issues, several bugs, and add various enhancements are now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Important: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes two security issues is now available. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...

Vulnerabilities in HVM MSI injection

ISSUE DESCRIPTION The implementation of the HVM control operation HVMOPinjectmsi, while checking whether a particular IRQ was already set up in the necessary way, fails to properly check all respective conditions. In particular it doesn't check the returned pointer for being non-NULL before de-...

[SECURITY] Fedora 19 Update: xen-4.2.4-4.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 20 Update: xen-4.3.2-3.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

DEBIAN-CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

Design/Logic Flaw

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

UBUNTU-CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-3124

CVE-2014-3124 affects the Xen hypervisor (versions 4.1–4.4.x). The HVMOP_set_mem_type control can cause invalid P2M entries, enabling a local guest HVM admin to trigger a hypervisor crash (DoS) and potentially execute arbitrary code via a separate qemu-dm vulnerability that leads to invalid page ...

CVE-2014-3124

The HVMOPsetmemtype control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service hypervisor crash or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types...

CVE-2014-0189

The CVE-2014-0189 issue affects the virt-who utility, where /etc/sysconfig/virt-who was world-readable, enabling a local attacker to read credentials for hypervisors stored in that file. Publicly available connected sources (Red Hat/CentOS advisories and Nessus/NASL records) confirm the vulnerabi...

ARM hypervisor crash on guest interrupt controller access

ISSUE DESCRIPTION When handling a guest access to the virtual GIC distributor interrupt controller Xen could dereference a pointer before checking it for validity leading to a hypervisor crash and host Denial of Service. IMPACT A buggy or malicious guest can crash the host. VULNERABLE SYSTEMS Bot...

Fedora Update for xen FEDORA-2014-4424

Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2014-4424 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

Fedora Update for xen FEDORA-2014-4458

Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2014-4458 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...